Sign and verify zone files with ECC Keys

1. Use dnssec-signzone command below to perform zone signing.

# dnssec-signzone -E pkcs11 -S -z -o exampleecc.net /var/named/exampleecc.net 

Zone signing for ECC Key

This generates the exampleecc.net.signed file.

2. Verify the signed zone file.

# dnssec-verify -E pkcs11 -z -o exampleecc.net /var/named/exampleecc.net.signed  \

Zone verification for ECC Key